Triage

FAQ

General

Q. What is SecApps Triage?

Triage helps you collect, analyze and remediate vulnerabilities sourced manually or with SecApps integrated tools, such as Scout, Devcore, Lookout and BountyPage. Triage bridges the gap between the first time you find out about a vulnerability and when you remediate it by creating a process that manages vulnerabilities at scale.

Q. What can I do with SecApps Triage?

You can use Triage to run your own private Bug Bounty and Responsible Vulnerability Disclosure programs.

You can use it to:

  1. Set up a Bug Bounty program and collect bugs from the crowd in order to fix the most critical vulnerabilities in your software and infrastructure.
  2. Set up a Responsible Disclosure program and collect vetted vulnerabilities from security researchers to improve your security posture.
  3. Crowdsource security research on your own software and infrastructure with the help of SecApps.

Triage is also a great companion tool for Scout, Devcore and Lookout. All three tools detect vulnerabilities automatically. You can use Triage to aggregate all the vulnerabilities into one place and share them with your team for further investigation.

Q. What is the difference between SecApps Triage and Bugcrowd and HackerOne?

SecApps Triage with Secapps Bountypage can be used as a bug bounty platform like Bugcrowd and HackerOne. SecApps Triage provides an alternative to Bugcrowd and HackerOne for organizations looking to run private or internal bug bounty programs.

SecApps Triage solves one part of the equation - vulnerability validation. It was designed specifically with the needs of security teams in mind.

Q. Who are the main users of SecApps Triage?

SecApps Triage is designed to be used by small and large enterprises, security consultancies, vulnerability researchers and bug bounty hunters. In practice, this service is an excellent fit for any organization concerned about its public security posture.

Q. What is the most important feature of SecApps Triage?

The most crucial feature of SecApps Triage is the ability to prioritize automatically and group issues based on their technical severity and similarity. This allows users to be more efficient in their vulnerability triage efforts.

Q. How do I use SecApps Triage?

SecApps Triage can be accessed by the Triage application app of your Launchpad. There is online documentation available with tips and tricks on how to use the product effectively.

Billing

Q. How much does SecApps Triage cost?

Triage is free for up to 1,000 vulnerabilities. You can find an example cost breakdown at SecApps Triage's pricing page.

Q. How will I be charged and billed for my use of SecApps Triage?

You get charged per month per vulnerability. The invoice is billed against your credit card or account balance at the end of the month. Contact us for more information.

Q. Do your price include taxes?

Unless otherwise specified, all prices are exclusive of taxes.

Triage

Q. What is a vulnerability?

A vulnerability is a weakness in a system, a process, or a design that could be exploited by a threat source. Triage helps collect vulnerabilities and provide the tools to manage them at scale.

Q. How many vulnerabilities can I create?

You can create unlimited number of vulnerabilities. The first 1,000 vulnerabilities are free. You can find an example cost breakdown at SecApps Triage's pricing page.

Security

Q. How secure is my data in SecApps Triage?

SecApps takes data security very seriously, and this is why we have baked in hard security controls around your data. Your data has encryption at rest and in transit. Data is not persisted longer than necessary.

Q. How long SecApps Triage retains my data?

Manually created vulnerabilities, including those made by Bountypage, are retained indefinitely or until deleted. Automatically imported vulnerabilities expire in 90 days unless specifically triaged.

Q. What options do I have for encrypting data stored on SecApps Triage?

Your data is automatically encrypted with the highest possible standard. SecApps does not need to access your data except to execute your Triage instances and provide you access to read the data.

Q. Who can access my data?

You can access Triage data from the Triage app from your Launchpad.